GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
22,475 advisories
JRuby-OpenSSL has hostname verification disabled by default
Moderate
CVE-2025-46551
was published
for
org.jruby:jruby
(Maven)
May 7, 2025
Passport-wsfed-saml2 allows SAML Authentication Bypass via Attribute Smuggling
High
CVE-2025-46573
was published
for
passport-wsfed-saml2
(npm)
May 6, 2025
ZITADEL Allows IdP Intent Token Reuse
High
CVE-2025-46815
was published
for
github.com/zitadel/zitadel
(Go)
May 6, 2025
goshs route not protected, allows command execution
Critical
CVE-2025-46816
was published
for
github.com/patrickhener/goshs
(Go)
May 6, 2025
@misskey-dev/summaly allows IP Filter Bypass via Redirect
Moderate
GHSA-jqx4-9gpq-rppm
was published
for
@misskey-dev/summaly
(npm)
May 6, 2025
Umbraco Makes User Enumeration Feasible Based on Timing of Login Response
Moderate
CVE-2025-46736
was published
for
Umbraco.Cms
(NuGet)
May 6, 2025
Terraform WinDNS Provider improperly sanitizes input variables in `windns_record`
Low
CVE-2025-46735
was published
for
github.com/nrkno/terraform-provider-windns
(Go)
May 6, 2025
Remote Code Execution Vulnerability in vLLM Multi-Node Cluster Configuration
High
CVE-2025-30165
was published
for
vllm
(pip)
May 6, 2025
Langroid Allows XXE Injection via XMLToolMessage
High
CVE-2025-46726
was published
for
langroid
(pip)
May 5, 2025
league/commonmark contains a XSS vulnerability in Attributes extension
Moderate
CVE-2025-46734
was published
for
league/commonmark
(Composer)
May 5, 2025
ProTip!
Advisories are also available from the
GraphQL API